Please disable the SELinux execstack/relro checks before FC5 final
Ulrich Drepper
drepper at redhat.com
Sat Feb 18 02:48:59 UTC 2006
Arjan van de Ven wrote:
> right now I fear the only sane answer is "set all to permissive
> behavior"; the minimum for fc5 would be everything that can do plugins
> of any kind, or uses libraries that tend to get replaced (3D ones ;).
> But that ends up being a whole whopping lot...
I'm not so sure.
The most crappy software are all those mozilla/firefox/thunderbird
plugins. So, yes, we might need more time for that although I'd rather
prefer to have a separate domain for those programs.
The NVidia driver also needs an executable stack but nothing else.
What I have not seen are programs which have their own domain and still
need any of the booleans set. Somebody should show real evidence that
any of those domains need the permission checks disable.
If we cannot move the moz/ffox/tbird into their own domain then, yes,
disable the checks for unconfined processes. But we should keep the
tests for all programs which have their own domain.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 251 bytes
Desc: OpenPGP digital signature
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20060217/1e2ed599/attachment.sig>
More information about the fedora-devel-list
mailing list